- point at the FDP article rather than GNU's send-pr documentation
- warn the user that PRs are public information and will be published in
mailing lists and on the web
- suggest that the user contact security-officer@ directly if the report
concerns sensitive security issues.
This backs out (sort of) delta 1.18 to perl/miniperl/Makefile.
Update to the ld(1) comment by peter in this revision:
ld(1) built as part of the cross-tools stage of buildworld has
been fixed to look for dynamic dependencies in the right place,
${WORLDTMP}/usr/lib, effective binutils/ld/Makefile,v 1.20.
Approved by: markm
Presumably the issue was with arparse.[ch]. Those are now in FREEBSD-Xlist
and FREEBSD-deletelist. So we do not import the Bison produced files that
was causing the problem.
Submitted by: ru
(the two may be different (ie, build vs. runtime))
Allow ldscript's SEARCH_DIR do be rooted somewhere other than `/'.
(in this case at TOOLS_PREFIX)
These changes are most helpful during `make buildworld' so that the shared
libs built in the middle of `make buildworld' are used vs. the ones in
/usr/lib on the build machine.
Submitted by: ru
The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks. Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them. (See PR below for details).
This means man(1) can no longer create system catpages on a
regular user's behalf. (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)
To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.
PR: bin/32791
back (as of man.c,v 1.45), change the meaning of the -m option
from poorly documented and badly coded "alternate system" to a
much more useful "different architecture for the same system".
PR: docs/31261